PT-2020-6060 · Npm · Y18N
Published 2020-11-17 · Updated 2026-05-18
CVE-2020-7774
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
y18n versions prior to 3.2.2
y18n versions prior to 4.0.1
y18n versions prior to 5.0.5
Description
y18n's setLocale() and updateLocale() do not validate the locale name, which is used as a key into the library's internal cache object. Because that cache is a plain JavaScript object, the locale name __proto__ resolves to Object.prototype, and a subsequent updateLocale() call copies the supplied keys onto it. A remote attacker who can influence the locale name or the locale object therefore achieves uncontrolled modification of Object.prototype attributes ("prototype pollution"), which affects every object in the process. The estimated number of potentially affected devices worldwide is not specified. A public proof of concept demonstrates the issue by calling setLocale('__proto__') and then updateLocale() with an object containing a marker property, after which that property is visible on every object.
Recommendations
Upgrade to version 3.2.2 or later for versions prior to 3.2.2
Upgrade to version 4.0.1 or later for versions prior to 4.0.1
Upgrade to version 5.0.5 or later for versions prior to 5.0.5
If upgrading is not immediately possible, as a temporary workaround do not pass untrusted input to setLocale() or updateLocale(), and reject the locale name __proto__ (along with constructor and prototype) before either function is called. To find which versions are present in a project, run npm ls y18n; y18n is usually pulled in transitively, for example by yargs.
Exploit · Fix · Prototype Pollution · RCE
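The following is an added example, not y18n's own source code. It reproduces the pattern behind the description above (a plain-object cache keyed by an unchecked locale name) in a minimal locale store, shows the advisory's proof-of-concept shape polluting Object.prototype against it, and places a hardened store beside it that applies the workaround from the recommendations: a null-prototype cache plus rejection of __proto__, constructor and prototype as locale names and as translation keys. The store names, the FORBIDDEN_KEYS set and the JSON payload are constructed for this example.

```javascript
// Added example, not y18n's own source: a minimal locale cache that mirrors the
// pattern behind CVE-2020-7774 (plain-object cache keyed by an unchecked locale
// name, keys copied in one by one), beside a hardened variant.

// Property names that reach the prototype chain when used as keys on a plain object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: the cache is a plain object, so cache['__proto__'] *is*
// Object.prototype, and updateLocale() then writes caller-controlled keys into it.
function makeVulnerableLocaleStore() {
  const cache = {};
  let locale = 'en';
  return {
    setLocale(name) { locale = name; },
    updateLocale(obj) {
      if (!cache[locale]) cache[locale] = {};
      for (const key of Object.keys(obj)) cache[locale][key] = obj[key];
    },
    lookup(key) { return cache[locale] ? cache[locale][key] : undefined; },
  };
}

// Hardened pattern: a null-prototype cache (no inherited __proto__ accessor),
// locale names and incoming keys checked against FORBIDDEN_KEYS, own keys only.
function makeHardenedLocaleStore() {
  const cache = Object.create(null);
  let locale = 'en';
  function assertSafeKey(key, what) {
    if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`unsafe ${what}: ${String(key)}`);
    }
  }
  return {
    setLocale(name) { assertSafeKey(name, 'locale name'); locale = name; },
    updateLocale(obj) {
      if (obj === null || typeof obj !== 'object') throw new TypeError('locale update must be an object');
      if (!(locale in cache)) cache[locale] = Object.create(null);
      for (const key of Object.keys(obj)) {
        assertSafeKey(key, 'translation key'); // JSON.parse can yield an own "__proto__" key
        cache[locale][key] = obj[key];
      }
    },
    lookup(key) { return locale in cache ? cache[locale][key] : undefined; },
  };
}

// Runs the advisory's PoC shape against both stores and reports what happened.
function demonstrate() {
  const result = {};

  // Vulnerable: setLocale('__proto__') + updateLocale({polluted: true}) lands on Object.prototype.
  const vulnerable = makeVulnerableLocaleStore();
  vulnerable.setLocale('__proto__');
  vulnerable.updateLocale({ polluted: true });
  result.vulnerablePolluted = ({}).polluted === true; // true: every object now has .polluted
  delete Object.prototype.polluted;                   // undo the pollution for the rest of the process

  // Hardened: the locale name is rejected before it reaches the cache.
  const hardened = makeHardenedLocaleStore();
  result.localeRejected = false;
  try { hardened.setLocale('__proto__'); } catch (e) { result.localeRejected = e instanceof TypeError; }

  // Hardened: a constructed JSON payload carrying an own "__proto__" key is rejected too.
  hardened.setLocale('en');
  hardened.updateLocale({ hello: 'Hello' });
  result.payloadRejected = false;
  try {
    hardened.updateLocale(JSON.parse('{"__proto__": {"polluted": true}, "bye": "Goodbye"}'));
  } catch (e) { result.payloadRejected = e instanceof TypeError; }
  result.hardenedPolluted = ({}).polluted === true;   // false
  result.hello = hardened.lookup('hello');            // 'Hello'
  result.inheritedLeak = hardened.lookup('toString'); // undefined: null-prototype cache
  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demonstrate());
}
```

Rejecting rather than silently dropping unsafe keys is deliberate: a locale name or translation key of __proto__ is never legitimate input, so failing loudly surfaces the attempt instead of hiding it. The check on translation keys matters because JSON.parse produces an own "__proto__" property, which is harmless on a null-prototype target but would pollute a plain-object cache.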
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Red Hat
Rocky Linux
Suse
Y18N